Source Code of org.sonatype.security.DefaultSecuritySystemTest

/*
 * Sonatype Nexus (TM) Open Source Version
 * Copyright (c) 2007-2014 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
 *
 * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
 * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
 *
 * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
 * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
 * Eclipse Foundation. All other trademarks are the property of their respective owners.
 */
package org.sonatype.security;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.sonatype.security.authentication.AuthenticationException;
import org.sonatype.security.authorization.AuthorizationException;
import org.sonatype.security.authorization.Role;
import org.sonatype.security.usermanagement.DefaultUser;
import org.sonatype.security.usermanagement.RoleIdentifier;
import org.sonatype.security.usermanagement.User;
import org.sonatype.security.usermanagement.UserStatus;

import junit.framework.Assert;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class DefaultSecuritySystemTest
    extends AbstractSecurityTest
{

  public void testLogin()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();

    // login
    UsernamePasswordToken token = new UsernamePasswordToken("jcoder", "jcoder");
    Subject subject = securitySystem.login(token);
    Assert.assertNotNull(subject);

    try {
      securitySystem.login(new UsernamePasswordToken("jcoder", "INVALID"));
      Assert.fail("expected AuthenticationException");
    }
    catch (AuthenticationException e) {
      // expected
    }
  }

  public void testLogout()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();

    // bind to a servlet request/response
    // this.setupLoginContext( "test" );

    // login
    UsernamePasswordToken token = new UsernamePasswordToken("jcoder", "jcoder");
    Subject subject = securitySystem.login(token);
    Assert.assertNotNull(subject);

    // check the logged in user
    Subject loggedinSubject = securitySystem.getSubject();
    // Assert.assertEquals( subject.getSession().getId(), loggedinSubject.getSession().getId() );
    Assert.assertTrue(subject.isAuthenticated());
    Assert.assertTrue("Subject principal: " + loggedinSubject.getPrincipal() + " is not logged in",
        loggedinSubject.isAuthenticated());
    // now logout
    securitySystem.logout(loggedinSubject);

    // the current user should be null
    subject = securitySystem.getSubject();
    Assert.assertFalse(subject.isAuthenticated());
    Assert.assertFalse(loggedinSubject.isAuthenticated());
  }

  public void testAuthorization()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();
    PrincipalCollection principal = new SimplePrincipalCollection("jcool", "ANYTHING");
    try {
      securitySystem.checkPermission(principal, "INVALID-ROLE:*");
      Assert.fail("expected: AuthorizationException");
    }
    catch (AuthorizationException e) {
      // expected
    }

    securitySystem.checkPermission(principal, "test:read");

  }

  /*
   * FIXME: BROKEN
   */
  public void BROKENtestPermissionFromRole()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();
    PrincipalCollection principal = new SimplePrincipalCollection("jcool", "ANYTHING");

    securitySystem.checkPermission(principal, "from-role2:read");

  }

  public void testGetUser()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();
    User jcoder = securitySystem.getUser("jcoder", "MockUserManagerA");

    Assert.assertNotNull(jcoder);

  }

  public void testAuthorizationManager()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();

    Set<Role> roles = securitySystem.listRoles("sourceB");
    Assert.assertEquals(2, roles.size());

    Map<String, Role> roleMap = new HashMap<String, Role>();
    for (Role role : roles) {
      roleMap.put(role.getRoleId(), role);
    }

    Assert.assertTrue(roleMap.containsKey("test-role1"));
    Assert.assertTrue(roleMap.containsKey("test-role2"));

    Role role1 = roleMap.get("test-role1");
    Assert.assertEquals("Role 1", role1.getName());

    Assert.assertTrue(role1.getPrivileges().contains("from-role1:read"));
    Assert.assertTrue(role1.getPrivileges().contains("from-role1:delete"));

  }

  public void testAddUser()
      throws Exception
  {
    SecuritySystem securitySystem = this.getSecuritySystem();

    User user = new DefaultUser();
    user.setEmailAddress("email@foo.com");
    user.setName("testAddUser");
    user.setSource("MockUserManagerA");
    user.setStatus(UserStatus.active);
    user.setUserId("testAddUser");

    user.addRole(new RoleIdentifier("default", "test-role1"));

    Assert.assertNotNull(securitySystem.addUser(user));
  }

  @Override
  protected void tearDown()
      throws Exception
  {
    this.getSecuritySystem().stop();

    super.tearDown();
  }

}